If anyone is interested, we've just posted a blog detailing how we've been getting the pattern lock from raw flash dumps (usually acquired via JTAG).
So what are the JTAG hardware and software of choice by the users on the forum?
I've been getting some good results with the RIFF box, but the JTAG jigs you buy from different vendors are very hit and miss depending on handset model.
Most of these devices have 2 types of chips (NOR and NAND) or multiple partitions. The RIFF box is good and will get data from the NOR chip and some partitions, but after speaking to the developer of the product, they are not interested in reading from the partitions that contain the user data or the NAND chip that also has that type of data. They are generally only interested in the chip or partition that contains the firmware and/or OS, hence the purpose of the flasher boxes: to repair these areas so they can get the phone working again. You will need to look at other, more advanced JTAG hardware/software to get access to the nitty gritty!
Boxes like the RIFF, ORT, etc. are great for the regular type mobile phones but when you get into the Smartphones, you need to step it up a level. I am not downplaying these tools, great for your tool chest.
Go here for a good read: http://openocd.sourceforge.net/
Look through the archives and the Documentation heading, great stuff. Best of all, this is open source!
Entry level training will be available at Mobile Forensics World http//
In August of 2012, a full week of advanced JTAG training will be in place from Teel Tech as well. This will include 2.5 days of taking the phone apart, learning soldering skills for attaching wires and putting the phone back together so you can still access it using your forensic tools; then 2.5 days of full-on JTAGing that will include advanced tools, methods to locate Test Access Points on the mainboard, using the right jigs, dealing with the data afterwards, decoding and data carving, finding Android passwords, and much more.
I love the JTAG process and feel that this will be a tool we may have to depend on in the near future because the phone companies are restricting our access to the USB path (USB Debugging and locked phones like Tracfones) to get to the user data.
Happy JTAG'ing!
Whilst discussing gesture pattern locking, has anyone tried this?
http//
I've not tried the recovery method personally, but certainly if you can recover the hash (whatever way), that page worked last time I tried it.
Thanks AlexC
Here is an interesting request made to the US Court by the FBI seeking Google to reveal user gesture locking code and other user data.
http//
Maybe our resident US examiners can explain a few tech issues.
PUK, in common parlance, refers to a PIN Unlocking Key generated for a (U)SIM card by the manufacturer of a particular (U)SIM. The PUK under these circumstances can be held by the manufacturer or network operator, or may be recorded on some point-of-sale material at the time the (U)SIM was sold to the consumer.
However, is PUK being used in the US in some other way in relation to handsets? Is it an acronym? Or was the person filing the search warrant slightly confused as to what PUK is and what Google can actually provide?
Talking of revealing gesture lock codes, I seem to remember reading a thread at FF about a new discovery? Any clues -)
Apparently, so we are told, the FBI Agent did request the Search Warrant and Affidavit not to be revealed but, whoever had responsibility, didn't seal the Warrant and Affidavit, thus enabling revelation to the world at large.